Privacy policy

1. Introduction

The ​Department of the Environment, and most functions in the portfolio, are bound by the Australian Privacy Principles in the Privacy Act 1988. The Principles regulate how agencies collect, use, disclose and store personal information, including sensitive information, and how individuals may access and correct records containing their personal information.

We respect your rights to privacy under the Privacy Act and we will comply with the requirements under the Act in respect of the collection and management of your personal information.

This document is our privacy policy and it tells you how we collect and manage your personal information.

2. Privacy policy in the environment portfolio

The Department of the Environment is responsible for implementing the Australian Government’s policies to protect our environment and heritage and to promote a sustainable way of life.

We have arrangements in place to assist our Minister and certain offices in the portfolio to comply with the Privacy Act and the Principles. This privacy policy applies to the Department and to those offices which the Department assists in complying with the Privacy Act and the Principles. Those functions include:

  • Alligator Rivers Region Technical Committee;
  • Alligator Rivers Region Advisory Committee;
  • Australian Heritage Council;
  • Commonwealth Environmental Water Holder;
  • Director of National Parks;
  • Independent Expert Scientific Committee on Coal Seam Gas and Large Coal Mining Development;
  • Indigenous Advisory Committee;
  • National Environmental Protection Council;
  • Supervising Scientist; and
  • Threatened Species Scientific Committee.

The following portfolio agencies manage their own privacy compliance and have their own privacy policies. For more information please refer to their websites:

Our website may contain links to other websites operated by third parties. No representations or warranties in relation to the privacy practices of any third party website are made and we are not responsible for the privacy policies or the content of any third party website.

3. Personal information

When used in this privacy policy, the term “personal information” has the meaning given to it in the Privacy Act. 

In general terms, personal information is any information that can be used to identify you and includes your name, address, telephone number, facsimile number, email address and profession or occupation. If the information we collect identifies you, or if your identity can be reasonably ascertained from it, the information will be considered personal information.

4. Types of personal information

We collect, store and from time to time disclose information. This information can include:

  • full name;
  • mailing or street address;
  • e-mail address;
  • telephone contact number;
  • facsimile number;
  • age or birth date;
  • gender;
  • profession, occupation or job title;
  • financial details and assets including bank and property information;
  • insurance details;
  • employment, curriculum vitae and education information;
  • vessel and vehicle details;
  • emergency details including next of kin;
  • diversity and cultural backgrounds;
  • driver’s licence and passport information;
  • photographs of people;
  • credit card transactions;
  • travel details;
  • the products and services you have purchased or which you have enquired about, together with any additional information necessary to deliver those products and services and to respond to your enquiries;
  • any other information disclosed to us by you or a third party which we believe to be reasonably necessary for the conduct of our law enforcement related activities;
  • other information relating to you that you provide to us directly or indirectly through use of our websites, through our representatives or otherwise; and
  • information you provide to us through our service centre, customer surveys or visits by our representatives.

We may also collect information that is not personal information because it does not identify you or anyone else. For example, we may collect anonymous answers to surveys or aggregated information about how users use our website.

5. How do we collect your personal information?

We collect personal information directly from the individual unless it is unreasonable or impracticable to do so. When collecting personal information, we may collect it in a number ways that include:

  • through personal information provided by you on our websites;
  • through correspondence and applications received from you;
  • during conversations between you and our authorised representatives;
  • when you complete an application form regarding programs, permits and functions administered by us;
  • through your subscription for information and updates of programs and functions administered by us;
  • through your participation in our stakeholder engagement processes and public and statutory consultations;
  • when you complete a survey and/or questionnaire;
  • when you provide services or supply goods to us;
  • through a criminal record check;
  • through your access of our databases; and
  • through other lawful processes such as the use of coercive powers where provided for under legislation.

We may also collect personal information from third parties because:

  • you consented to the collection of the information from someone other than yourself;
  • we are required or authorised by or under an Australian law, or a court/tribunal order, to collect the information from someone other than yourself; or
  • it is unreasonable or impracticable for us to collect the information from you.

These third parties include:

  • law enforcement agencies and other Commonwealth, State, local and international government agencies;
  • organisations or individuals with an interest in our business and activities that you may be associated with (for example, you have been listed as an emergency contact or referee etc);
  • medical practitioners for health assessments;
  • financial institutions;
  • legal representatives;
  • contracted service providers and consultants;
  • industry groups; and
  • universities.

6. Privacy notice

At or before the time we collect your personal information (or as soon as practicable afterwards), we may provide you with a notice (also known as ‘Privacy Notice’ or ‘Australian Privacy Principle (APP) Notice’) containing the following information:

  • the fact that we have collected your personal information, if it is likely that:
    • we collected the information from another source; or
    • you may not be aware that we have collected the information;
  • details of any law or court order that requires or authorises the collection of your personal information;
  • the purposes for which we have collected your personal information;
  • the consequences (if any) if the personal information is not collected;
  • the details of any other person or entity to whom your personal information may be disclosed;
  • our APP privacy policy; and
  • whether your personal information is likely to be disclosed on our website.

7. Sensitive personal information

We may collect sensitive personal information about you, including:

  • information or opinion about your:
    • racial or ethnic origin;
    • political opinions;
    • membership of a political association;
    • religious beliefs or affiliations;
    • philosophical beliefs;
    • membership of a professional or trade association;
    • membership of a trade union; and
    • criminal record;
  • health information about you.

8. Cookies

In some cases, we may also collect your personal information using cookies. When you access our website, we may send a “cookie” (a small summary file containing a unique ID number) to your computer. 

Cookies are used to maintain a user’s settings and preferences on a website, and can be analysed by us to help improve our online services.  Our cookies do not collect personal information. If you do not wish to receive cookies, you can set your browser so that your computer does not accept them.

We may also log IP addresses (the electronic addresses of computers connected to the Internet) to assist in analysing trends, administering the website, and gathering broad demographic information.

Our website also uses Google Analytics, a service which transmits website traffic data to Google servers in the United States. We use Google Analytics in order to understand how users engage with our website. Data transmitted includes, for example, the web address of the page that you're visiting and your IP address. Google may also set cookies on your browser, or read cookies that are already there. Google may transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf.

More information about how Google Analytics collects and processes data is described in Google's Privacy Policy. If you don’t want Google Analytics to be used in your browser, you can use the opt-out service provided by Google or the ’incognito’ mode in your browser. 

9. What happens if we can't collect your personal information?

When interacting with us, you are not required to identify yourself. You may use a pseudonym. However, this does not apply if:

  • it is impracticable for us to interact with you, because you have not identified yourself or you use a pseudonym; or
  • we are required or authorised by or under an Australian law, or a court/tribunal order, to interact with individuals who have identified themselves. For example, the Environment Protection and Biodiversity Conservation Act 1999 (EPBC Act) and associated Regulations require personal information to be provided for the purposes of referrals, approvals and permits. There are mandatory requirements for this information to be published and/or made available for public comment. Public comments received by us also contain personal information about the individual making the submission.

If you do not provide us with the personal information described above, some or all of the following may happen:

  • we may not be able to provide the requested products or services to you, either to the same standard or at all;
  • we may not be able to provide you with information about products and services that you may want; or
  • you may be in breach of an Australian law requiring you to provide such information. However, in this circumstance you would be advised of our legal powers to require such information from you and the implications of any failure to do so.

10. How do we treat unsolicited personal information?

From time to time, we receive personal information that is additional to information that we have solicited or information that we have not taken active steps to collect. This is known as ‘unsolicited personal information’ and includes:

  • misdirected mail received by us;
  • correspondence to us, our Minister and Parliamentary Secretary from members of the community, or other unsolicited correspondence;
  • a petition sent to us that contains names and addresses;
  • employment, internship, work experience or volunteering applications sent to us on an individual’s own initiative and not in response to an advertised vacancy;
  • a promotional flyer or email containing personal information, sent to us by an individual promoting the individual’s business or services;
  • court documents for proceedings to which we are a party or may have an interest; and
  • information supplied by an informant or another enforcement body, which relates to our function as an enforcement body.

If we receive unsolicited personal information and we decide that we are not permitted to collect it in accordance with the privacy principles, we will take reasonable steps to destroy or de-identify the information as soon as practicable, unless it is contained in a ‘Commonwealth record’ or it is unlawful or unreasonable to do so.

11. Why do we collect, store, use and disclose your personal information?

We collect personal information about you so that we can perform our activities and functions and endeavour to provide quality customer service.

We may collect, hold, use and disclose your personal information for purposes that include the following:

  • to process and assess applications (funding, grants, permits etc) under programs and functions we administer including procurement and tender processes, permits, grants etc;
  • to provide you with our products such as research reports, guidelines, Annual/Outcomes reports etc;
  • to provide services to you;
  • to send communications requested by you;
  • to provide information and to seek feedback or advice on matters;
  • to answer enquiries, and provide information or advice about existing and new products or services;
  • to conduct administrative functions including booking of travel, accommodation and allowance payments, health assessments and workers compensation matters;
  • for the administrative, planning, product or service development, quality control and research, project and grant purposes of the Department, its contractors or service providers;
  • where we are required or authorised to collect your personal information under an order of a court or tribunal or under legislation (such as under the EPBC Act);
  • to update our records and keep your contact details up to date;
  • to process and respond to any complaint made by you;
  • to comply with any law, rule, regulation, lawful and binding determination, decision or direction of a regulator, or in co-operation with any governmental authority of another country;
  • to ensure that we and members of the public comply with laws administered by the Commonwealth; and
  • to conduct enforcement related activities.

Your personal information will not be shared, sold, rented or disclosed other than as described in this privacy policy.

12. How do we use your personal information?

We can use your personal information for the primary purpose for which it was collected. (Our privacy notice (see section 6 above) will explain the primary purpose.) We may also use your personal information for other purposes that are permitted under the Privacy Act. Those other purposes include where:

  • we obtain your consent to use the information for that other purpose;
  • you would reasonably expect us to use or disclose the information for a secondary purpose that is related to the primary purpose (for sensitive personal information, this secondary purpose must be directly related to the primary purpose);
  • the use or disclosure is required or authorised under law or court/tribunal order;
  • we reasonably believe that the disclosure is necessary for an enforcement related purpose.

13. Disclosure of personal information

We may disclose your personal information to third parties that we specify in our privacy notice when we collect the information, or to whom disclosure is otherwise permitted under the Privacy Act. Without limiting this, those third parties could be: ​

  • contractors or service providers for the purposes of operation of our website or our functions, fulfilling requests by you, and to otherwise provide information, products and services to you including, without limitation, web hosting providers, IT systems administrators, mailing houses, couriers, payment processors, data entry service providers, electronic network administrators, debt collectors, and professional advisors such as accountants, solicitors, business advisors, consultants and travel providers;
  • suppliers and other third parties with whom we have commercial relationships for business, marketing, and related purposes;
  • peer reviewers and committee members for the purpose of assessing your applications;
  • an organisation that you have given consent for us to supply the information to;
  • an organisation that you would reasonably expect us to supply the information to for a purpose that is related to the primary purpose of collection (for sensitive personal information, this secondary purpose must be directly related to the primary purpose);
  • other Commonwealth or State agencies for the purposes of compliance breaches, investigations, legal actions and insurance claims;
  • law enforcement bodies, agencies and authorities regarding infringement notices;
  • our Minister, Parliamentary Secretary and portfolio agencies for the purposes of administering portfolio programs and functions; and/or
  • a House or Committee of the Parliament of the Commonwealth of Australia.

Personal information provided with an application, permit or referral for which mandatory publication requirements exist under the EPBC Act, will be published on our website. This information is available to the general public.

Public submissions made on applications, permits or referrals may be published by us as part of the assessment process required under the EPBC Act. Individuals that make submissions to us will have the option of having their personal details removed before publication.

14. Do we disclose your personal information to anyone overseas?

We may disclose personal information to third party suppliers and service providers, researchers and governments located overseas for some of the purposes listed in paragraph 13 of this policy. This includes disclosure to:

  • peer reviewers anywhere in the world where the appropriate scientific expertise exists; and
  • overseas recipients if we believe the disclosure of the information is reasonably necessary for our enforcement related functions and the recipient is a body that performs functions, or exercises powers, that are similar to those performed or exercised by an Australian enforcement body.

We will take reasonable steps to ensure that the overseas recipients of your personal information do not breach the privacy obligations relating to your personal information.

15. Storage and access to personal information

15.1 How is your personal information stored and secured?

We take reasonable steps to ensure your personal information is protected from misuse and loss and from unauthorised access, modification or disclosure. We may hold your information in either electronic or hard copy form. Where reasonable and practicable to do so, personal information is destroyed or de-identified when no longer needed.

Personal information that is contained in hard copy is secured in accordance with our Information Security Policy.

However, as our website is linked to the internet, and the internet is inherently insecure, we cannot provide any assurance regarding the security of transmission of information you communicate to us via our website. We also cannot guarantee that the information you supply by email will not be intercepted while being transmitted. Accordingly, any personal information or other information, which you transmit to us, is transmitted at your own risk.

Sensitive enforcement-related personal information is held in a restricted database and appropriate security clearances are required to access such information.

15.2 Who has access to your personal information within the Department?

We take reasonable steps to ensure that access to your personal information occurs only for legitimate purposes and on a need to know basis.

15.3 Personal information no longer required

We take reasonable steps to ensure that we delete or de-identify personal information that is no longer required for the purpose for which the information was originally collected.

In addition, personal information in electronic form is deleted if it is no longer required. Similarly, personal information contained in undelivered emails or return post is deleted or destroyed from our databases.

16. How can you access and correct your personal information?

You may request access to any personal information we hold about you at any time by contacting us (details below). Where we hold information that you are entitled to access, we will try to provide you with suitable means of accessing it (for example, by mailing or emailing it to you). We will not charge you for providing your personal information to you, or for the costs of making any corrections to your personal information.

There may be instances where we cannot grant you access to your personal information. For example, we may need to refuse access if we are required or authorised to refuse access under an Australian law. If that happens, we will give you written notice of the reasons for the refusal within 30 days of receipt of your request, together with information about how you can complain about our refusal, if you wish to do so.

If you believe that your personal information is incorrect, incomplete or inaccurate, then you may request us to amend it. We will consider whether the information requires amendment. If we do not agree that there are grounds for amendment, we will give you written notice of the reasons for the refusal within 30 days of receipt of your request, together with information about how you can complain about our refusal, if you wish to do so.

Current and former employees can make arrangements to access their personal information with our Personnel Section at

17. What is the process for complaining about a breach of privacy?

If you have any questions about this privacy policy, any concerns or a complaint regarding the treatment of your privacy or a possible breach of your privacy, please use the contact link on our website or contact our Privacy Officer via the details set out below (at paragraph 18).

We will treat your requests or complaints as your personal information. One of our representatives will contact you within a reasonable time after receipt of your complaint to discuss your concerns and outline options regarding how they may be resolved. We will aim to ensure that your complaint is resolved in a timely and appropriate manner.

At the conclusion of the investigation, we will provide a written response to you regarding your complaint. If you are not satisfied with our response, you may refer your complaint to the Australian Privacy Commissioner.

18. Contacting us

18.1 Contact details for our Privacy Contact Officer:

Privacy Contact Officer
Department of the Environment
GPO Box 787

Phone: 02 6274 2603

18.2 Changes to our privacy policy

We may change this privacy policy from time to time. Any updated versions of this privacy policy will be posted on our website.

This privacy policy was last updated on 21 December 2015.

19. Definition of common terms

Terms Meaning
Personal information Has the meaning given to it in the Privacy Act, and includes any 'information or an opinion about an identified individual, or an individual who is reasonably identifiable.
Sensitive information


  • information or opinion (that is also personal information) about an individual's:
    • racial or ethnic origin
    • political opinions
    • membership of a political association
    • religious beliefs or affiliations
    • philosophical beliefs
    • membership of a professional or trade association
    • membership of a trade union
    • sexual preferences or practices, or
    • criminal record;
  • health information about an individual;
  • genetic information (that is not otherwise health information);
  • biometric information that is to be used for the purpose of automated biometric verification or biometric identification; and
  • biometric templates.


Includes any consent that is implied or expressed by an individual. In providing consent:

  • it must be provided voluntarily;
  • the individual must be adequately informed of what they are consenting to;
  • it must be current and specific; and
  • the individual must have the capacity to understand and communicate their consent.

Commonwealth records

A record that is the property of the Commonwealth or a Commonwealth institution.


We collect personal information when we acquire it for inclusion in a record or generally available publication.


A release from effective control is generally a disclosure irrespective of our reason for releasing the information. It includes proactive release, release in response to a specific request and accidental release.


We use personal information when we handle and manage that information within the Department.


We hold personal information when we have possession or control of a record that contains personal information.